Chromium Code Reviews Chromium Code Reviews
Issue 141703003:
Whitelist extensions from EXTERNAL_COMPONENT for public sessions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol icy_provider.h" | 5 #include "chrome/browser/chromeos/extensions/device_local_account_management_pol icy_provider.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| 11 #include "extensions/common/extension.h" | 11 #include "extensions/common/extension.h" |
| 12 #include "extensions/common/manifest.h" | 12 #include "extensions/common/manifest.h" |
| 13 #include "grit/generated_resources.h" | 13 #include "grit/generated_resources.h" |
| 14 #include "ui/base/l10n/l10n_util.h" | 14 #include "ui/base/l10n/l10n_util.h" |
| 15 | 15 |
| 16 namespace chromeos { | 16 namespace chromeos { |
| 17 | 17 |
| 18 namespace { | 18 namespace { |
| 19 | 19 |
| 20 // Apps/extensions explicitly whitelisted for use in device-local accounts. | 20 // Apps/extensions explicitly whitelisted for use in public sessions. |
| 21 const char* kDeviceLocalAccountWhitelist[] = { | 21 const char* kPublicSessionWhitelist[] = { |
| 22 // Public sessions in general: | 22 // Public sessions in general: |
| 23 "cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP | 23 "cbkkbcmdlboombapidmoeolnmdacpkch", // Chrome RDP |
| 24 "djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher | 24 "djflhoibgkdhkhhcedjiklpkjnoahfmg", // User Agent Switcher |
| 25 "iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer | 25 "iabmpiboiopbgfabjmgeedhcmjenhbla", // VNC Viewer |
| 26 | 26 |
| 27 // Retail mode: | 27 // Retail mode: |
| 28 "ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds demo | 28 "ehcabepphndocfmgbdkbjibfodelmpbb", // Angry Birds demo |
| 29 "kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled demo | 29 "kgimkbnclbekdkabkpjhpakhhalfanda", // Bejeweled demo |
| 30 "joodangkbfjnajiiifokapkpmhfnpleo", // Calculator | 30 "joodangkbfjnajiiifokapkpmhfnpleo", // Calculator |
| 31 "fpgfohogebplgnamlafljlcidjedbdeb", // Calendar demo | 31 "fpgfohogebplgnamlafljlcidjedbdeb", // Calendar demo |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 85 NOTREACHED(); | 85 NOTREACHED(); |
| 86 return std::string(); | 86 return std::string(); |
| 87 #else | 87 #else |
| 88 return "whitelist for device-local accounts"; | 88 return "whitelist for device-local accounts"; |
| 89 #endif | 89 #endif |
| 90 } | 90 } |
| 91 | 91 |
| 92 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( | 92 bool DeviceLocalAccountManagementPolicyProvider::UserMayLoad( |
| 93 const extensions::Extension* extension, | 93 const extensions::Extension* extension, |
| 94 base::string16* error) const { | 94 base::string16* error) const { |
| 95 if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { | 95 if (account_type_ == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) { |
| 96 // Allow extension if it is an externally hosted component of Chrome. | |
| 97 if (extension->location() == | |
| 98 extensions::Manifest::EXTERNAL_COMPONENT) { | |
| 99 return true; | |
| 100 } | |
| 101 | |
| 102 // Allow extension if its type is whitelisted for use in public sessions. | |
| 103 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) | |
| 104 return true; | |
| 105 | |
| 106 // Allow extension if its specific ID is whitelisted for use in public | |
| 107 // sessions. | |
| 108 for (size_t i = 0; i < arraysize(kPublicSessionWhitelist); ++i) { | |
| 109 if (extension->id() == kPublicSessionWhitelist[i]) | |
| 110 return true; | |
| 111 } | |
| 112 } else if (account_type_ == policy::DeviceLocalAccount::TYPE_KIOSK_APP) { | |
| 96 // For single-app kiosk sessions, allow only platform apps. | 113 // For single-app kiosk sessions, allow only platform apps. |
| 97 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP) | 114 if (extension->GetType() == extensions::Manifest::TYPE_PLATFORM_APP) |
| 98 return true; | 115 return true; |
| 99 | |
| 100 } else { | |
| 101 // Allow extension if its type is whitelisted for use in device-local | |
| 102 // accounts. | |
| 103 if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) | |
| 104 return true; | |
| 105 | |
| 106 // Allow extension if its specific ID is whitelisted for use in device-local | |
| 107 // accounts. | |
| 108 for (size_t i = 0; i < arraysize(kDeviceLocalAccountWhitelist); ++i) { | |
| 109 if (extension->id() == kDeviceLocalAccountWhitelist[i]) | |
| 110 return true; | |
| 111 } | |
|
asargent_no_longer_on_chrome
2014/01/23 18:53:35
Just to double-check, it looks like this CL change
bartfab (slow)
2014/01/24 10:06:19
Yes, this was intentional. There is actually no fu
| |
| 112 } | 116 } |
| 113 | 117 |
| 114 // Disallow all other extensions. | 118 // Disallow all other extensions. |
| 115 if (error) { | 119 if (error) { |
| 116 *error = l10n_util::GetStringFUTF16( | 120 *error = l10n_util::GetStringFUTF16( |
| 117 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, | 121 IDS_EXTENSION_CANT_INSTALL_IN_DEVICE_LOCAL_ACCOUNT, |
| 118 base::UTF8ToUTF16(extension->name()), | 122 base::UTF8ToUTF16(extension->name()), |
| 119 base::UTF8ToUTF16(extension->id())); | 123 base::UTF8ToUTF16(extension->id())); |
| 120 } | 124 } |
| 121 return false; | 125 return false; |
| 122 } | 126 } |
| 123 | 127 |
| 124 } // namespace chromeos | 128 } // namespace chromeos |
| OLD | NEW |
